[x3d-public] Oops! Log4jShell — upgrade to log4j 2.16.0 or 2.12.2
John Carlson
yottzumm at gmail.com
Tue Dec 21 18:54:53 PST 2021
Has anyone heard of patches beyond 2.17.0? I’ve started removing
dependencies on log4j that didn’t exist in reality. That’s what’s weird,
one attaches log4j to projects that don’t even need it. That’s how
pervasive log4j is.
John
On Thu, Dec 16, 2021 at 3:35 PM John Carlson <yottzumm at gmail.com> wrote:
> Upgrades for previous patch of log4j (2.15.0) had a vulnerability.
> Upgrade to 2.16.0 or 2.12.2.
>
> Urgh! From YouTube.
>
> Here we go again!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://web3d.org/pipermail/x3d-public_web3d.org/attachments/20211221/0d52da19/attachment.html>
More information about the x3d-public
mailing list